How to VPN connect between Azure and AWS with Managed Services
by @jkudo (Jun Kudo), HackerNoon
Introduction

On 2019/2/6, AWS announced that Site-to-Site VPN now supports IKEv2.

AWS Site-to-Site VPN Now Supports IKEv2
https://aws.amazon.com/about-aws/whats-new/2019/02/aws-site-to-site-vpn-now-supports-ikev2/

The sticking point when connecting Azure and AWS had been that AWS only supported IKEv1, while an Azure route-based VPN gateway negotiates IKEv2. With IKEv2 support on the AWS side, a direct gateway-to-gateway connection between the two clouds is now possible.

There is one caveat: BGP cannot be used in this configuration (it may be possible depending on the settings), so routes are configured statically on both sides.

The connection configuration (the diagram is in the original article): an Azure virtual network gateway in front of 10.0.0.0/16 and an AWS virtual private gateway in front of 192.168.0.0/16, joined by IPsec tunnels over the internet.

The procedure is as follows.

Azure side
1. Create virtual network
2. Create gateway subnet
3. Create public IP
4. Create virtual network gateway

AWS side
5. Create VPC
6. Create subnet
7. Create Internet gateway (optional)
8. Create the customer gateway (static routing)
9. Create virtual private gateway
10. Create a VPN connection (static routing)
11. Download the configuration file

Azure side
12. Create a local network gateway
13. Create connection

AWS side
14. Add the virtual private gateway to the route table

Option (Azure side)
15. Set up two connections

Each step is explained below.

1. Create virtual network

Create a virtual network. The address space on the Azure side is 10.0.0.0/16.

2. Create gateway subnet

Create a gateway subnet. Open Subnets on the virtual network blade and click Gateway subnet to create it.

Give it a CIDR that does not overlap the subnet created in step 1 (a separate range inside 10.0.0.0/16).

Confirm that it was created.

3. Create public IP

Create a public IP. It will be assigned to the virtual network gateway in the next step.

4. Create virtual network gateway

Create a virtual network gateway of type VPN, route-based (a policy-based gateway only negotiates IKEv1), and attach the public IP from step 3. Deployment takes a while.

5. Create VPC

Create a VPC. The address space on the AWS side is 192.168.0.0/16.

6. Create subnet

Create a subnet inside the VPC.

7. Create Internet gateway (optional)

Create an Internet gateway (optional; only needed if the test instance must reach the internet).

Attach the Internet gateway to the VPC.

In the route table, add a 0.0.0.0/0 route whose target is the Internet gateway.

8. Create the customer gateway (static routing)

Check the public IP address assigned to the Azure virtual network gateway (the public IP from step 3).

Create the customer gateway with static routing, entering that address as the IP address. From AWS's point of view, the Azure gateway is the "customer" side.

9. Create virtual private gateway

Create a virtual private gateway and attach it to the VPC.

10. Create a VPN connection (static routing)

Create a VPN connection with static routing, selecting the virtual private gateway and the customer gateway. Add the Azure-side address space (10.0.0.0/16) as a static IP prefix.

11. Download the configuration file

Download the configuration file, choosing Generic as the vendor/platform.

Note the following values from it (the file lists the same items for IPSec Tunnel #2, which step 15 uses):
IPSec Tunnel #1
- Pre-Shared Key
- Outside IP Addresses: Virtual Private Gateway
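As an added example (not code from the original article), the following shell script pulls those values out of the Generic file instead of reading them by hand, for both tunnels, and checks that the two tunnels really have distinct endpoints and keys before the second connection is created. The configuration text embedded in it mimics the layout of the real file, but its addresses (RFC 5737 documentation ranges) and keys are constructed sample data, and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not code from the original article. Reads the values that
# steps 11, 12, 13 and 15 copy by hand (the Pre-Shared Key and the Virtual
# Private Gateway outside address of IPSec Tunnel #1 and #2) out of the
# "Generic" configuration text AWS generates for a Site-to-Site VPN.
# SAMPLE_CONFIG mimics that file's layout; its addresses (RFC 5737
# documentation ranges) and keys are constructed, not from a real connection.

SAMPLE_CONFIG=$(cat <<'EOF'
IPSec Tunnel #1
================================================================================
#1: Internet Key Exchange Configuration

  - Authentication Method    : Pre-Shared Key
  - Pre-Shared Key           : Tunnel1ExampleKey_9
  - Authentication Algorithm : sha1
  - Encryption Algorithm     : aes-128-cbc

Outside IP Addresses:
  - Customer Gateway         : 203.0.113.10
  - Virtual Private Gateway  : 198.51.100.21

Inside IP Addresses
  - Customer Gateway         : 169.254.10.2/30
  - Virtual Private Gateway  : 169.254.10.1/30

IPSec Tunnel #2
================================================================================
#1: Internet Key Exchange Configuration

  - Authentication Method    : Pre-Shared Key
  - Pre-Shared Key           : Tunnel2ExampleKey_7
  - Authentication Algorithm : sha1
  - Encryption Algorithm     : aes-128-cbc

Outside IP Addresses:
  - Customer Gateway         : 203.0.113.10
  - Virtual Private Gateway  : 198.51.100.22

Inside IP Addresses
  - Customer Gateway         : 169.254.11.2/30
  - Virtual Private Gateway  : 169.254.11.1/30
EOF
)

# tunnel_field <config-text> <tunnel-number> <label> [outside|inside]
# Prints the value after "- <label> :" inside the "IPSec Tunnel #<n>" section.
# The optional 4th argument limits the match to the "Outside IP Addresses" or
# "Inside IP Addresses" block, since both list a "Virtual Private Gateway".
# "Authentication Method : Pre-Shared Key" is not matched because the label
# must directly follow the leading dash.
tunnel_field() {
  printf '%s\n' "$1" | awk -v want="$2" -v label="$3" -v sec="${4:-}" '
    /^IPSec Tunnel #[0-9]+/ { n = $0; sub(/^IPSec Tunnel #/, "", n); cur = n + 0; section = ""; next }
    /^Outside IP Addresses/ { section = "outside"; next }
    /^Inside IP Addresses/  { section = "inside";  next }
    cur == want && (sec == "" || section == sec) && $0 ~ ("^[ \t]*-[ \t]*" label "[ \t]*:") {
      sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t]*$/, ""); print; exit
    }'
}

tunnel_psk()    { tunnel_field "$1" "$2" "Pre-Shared Key"; }
tunnel_vgw_ip() { tunnel_field "$1" "$2" "Virtual Private Gateway" outside; }

# Check before creating the second Azure connection (step 15): each tunnel must
# get its own remote endpoint and its own key. Returns 0 when both tunnels are
# present and distinct, 1 otherwise (for example if tunnel #1's key was reused).
check_two_tunnels() {
  ip1=$(tunnel_vgw_ip "$1" 1); ip2=$(tunnel_vgw_ip "$1" 2)
  k1=$(tunnel_psk "$1" 1);     k2=$(tunnel_psk "$1" 2)
  [ -n "$ip1" ] && [ -n "$ip2" ] && [ -n "$k1" ] && [ -n "$k2" ] &&
    [ "$ip1" != "$ip2" ] && [ "$k1" != "$k2" ]
}

# Usage: list what each Azure local network gateway / connection needs.
for t in 1 2; do
  printf 'tunnel #%s: gateway IP %s  shared key %s\n' "$t" \
    "$(tunnel_vgw_ip "$SAMPLE_CONFIG" "$t")" "$(tunnel_psk "$SAMPLE_CONFIG" "$t")"
done
check_two_tunnels "$SAMPLE_CONFIG" && echo "tunnels are distinct: OK"
```

Run it against the real file with `tunnel_psk "$(cat vpn-config.txt)" 1` and so on; the keys it prints are secrets, so do not leave the output in a shell log or paste it into a ticket.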

12. Create a local network gateway

Create a local network gateway. For the IP address, enter the Virtual Private Gateway outside address identified above. In the address space, enter the AWS-side VPC range (192.168.0.0/16).

13. Create connection

Add a connection from the virtual network gateway's Connections blade, selecting the local network gateway created in step 12.

Enter the pre-shared key noted from the configuration file as the shared key.

Confirm that the connection status shows Connected.

14. Add the virtual private gateway to the route table

In the VPC route table, add a route for the Azure address space (10.0.0.0/16) whose target is the virtual private gateway (or enable route propagation from it). Without this route, AWS instances have no return path to Azure.

15. Set up two connections (optional)

Create a second local network gateway, this time using the IPSec Tunnel #2 values (Virtual Private Gateway outside address and Pre-Shared Key) from the downloaded file. Then create a second connection from the virtual network gateway that points at this second local network gateway.

With two connections, communication continues even if one tunnel goes down for a while.
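The whole procedure (steps 1 to 15) as Azure CLI and AWS CLI commands, added here as an example and not taken from the original article. The two address spaces are the article's; the resource names, the Azure location japaneast, the customer-gateway ASN 65000, the subnet sizes and the dry-run helper are assumptions of this example. It defaults to printing the commands (DRY_RUN=1) so the plan can be reviewed before it touches real accounts.

```shell
#!/bin/sh
# Added example, not code from the original article: the 15 portal steps as
# Azure CLI (az) and AWS CLI (aws) calls in the article's order. The address
# spaces (10.0.0.0/16 on Azure, 192.168.0.0/16 on AWS) are the article's;
# resource names, the Azure location, the AWS region of your profile, the
# customer-gateway ASN and the non-gateway subnet sizes are assumptions.
# DRY_RUN=1 (the default) only prints each command; set DRY_RUN=0 to apply.
set -eu
DRY_RUN=${DRY_RUN:-1}
RG=rg-vpn-demo LOC=japaneast VNET=vnet-azure GW=vpngw-azure PIP=pip-vpngw
AZ_CIDR=10.0.0.0/16 AZ_SUBNET=10.0.0.0/24 AZ_GWSUBNET=10.0.255.0/27
AWS_CIDR=192.168.0.0/16 AWS_SUBNET=192.168.0.0/24

run() {  # print (to stderr) or execute; dry-run returns a placeholder where an ID is expected
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*" >&2; echo dry-run-id; else "$@"; fi
}

azure_gateway() {  # steps 1-4; prints the gateway's public IP (the input for step 8)
  run az group create --name "$RG" --location "$LOC" >/dev/null
  run az network vnet create -g "$RG" -n "$VNET" --address-prefix "$AZ_CIDR" \
      --subnet-name default --subnet-prefix "$AZ_SUBNET" >/dev/null
  run az network vnet subnet create -g "$RG" --vnet-name "$VNET" -n GatewaySubnet \
      --address-prefix "$AZ_GWSUBNET" >/dev/null
  run az network public-ip create -g "$RG" -n "$PIP" --sku Standard --allocation-method Static >/dev/null
  # Route-based is what negotiates IKEv2 with AWS; creation takes a long time.
  run az network vnet-gateway create -g "$RG" -n "$GW" --vnet "$VNET" --public-ip-address "$PIP" \
      --gateway-type Vpn --vpn-type RouteBased --sku VpnGw1 >/dev/null
  run az network public-ip show -g "$RG" -n "$PIP" --query ipAddress -o tsv
}

aws_vpn() {  # steps 5-11 and 14, given the Azure gateway IP; prints "<outside ip> <psk>" per tunnel
  vpc=$(run aws ec2 create-vpc --cidr-block "$AWS_CIDR" --query Vpc.VpcId --output text)
  run aws ec2 create-subnet --vpc-id "$vpc" --cidr-block "$AWS_SUBNET" >/dev/null
  igw=$(run aws ec2 create-internet-gateway --query InternetGateway.InternetGatewayId --output text)
  run aws ec2 attach-internet-gateway --internet-gateway-id "$igw" --vpc-id "$vpc" >/dev/null
  rtb=$(run aws ec2 describe-route-tables --filters "Name=vpc-id,Values=$vpc" \
        --query 'RouteTables[0].RouteTableId' --output text)
  run aws ec2 create-route --route-table-id "$rtb" --destination-cidr-block 0.0.0.0/0 --gateway-id "$igw" >/dev/null
  # Step 8: to AWS the Azure gateway is the "customer" side; an ASN is required even with static routing.
  cgw=$(run aws ec2 create-customer-gateway --type ipsec.1 --public-ip "$1" --bgp-asn 65000 \
        --query CustomerGateway.CustomerGatewayId --output text)
  vgw=$(run aws ec2 create-vpn-gateway --type ipsec.1 --query VpnGateway.VpnGatewayId --output text)
  run aws ec2 attach-vpn-gateway --vpn-gateway-id "$vgw" --vpc-id "$vpc" >/dev/null
  vpn=$(run aws ec2 create-vpn-connection --type ipsec.1 --customer-gateway-id "$cgw" \
        --vpn-gateway-id "$vgw" --options StaticRoutesOnly=true \
        --query VpnConnection.VpnConnectionId --output text)
  run aws ec2 create-vpn-connection-route --vpn-connection-id "$vpn" --destination-cidr-block "$AZ_CIDR" >/dev/null
  run aws ec2 create-route --route-table-id "$rtb" --destination-cidr-block "$AZ_CIDR" --gateway-id "$vgw" >/dev/null
  # Step 11 from the API instead of the downloaded file: one line per tunnel.
  run aws ec2 describe-vpn-connections --vpn-connection-ids "$vpn" \
      --query 'VpnConnections[0].Options.TunnelOptions[*].[OutsideIpAddress,PreSharedKey]' --output text
}

azure_connections() {  # steps 12, 13 and 15: a local network gateway and a connection per tunnel line on stdin
  i=1
  while read -r vgw_ip psk; do
    run az network local-gateway create -g "$RG" -n "lng-aws-$i" --gateway-ip-address "$vgw_ip" \
        --local-address-prefixes "$AWS_CIDR" >/dev/null
    run az network vpn-connection create -g "$RG" -n "conn-aws-$i" --vnet-gateway1 "$GW" \
        --local-gateway2 "lng-aws-$i" --shared-key "$psk" >/dev/null
    i=$((i + 1))
  done
}

if [ "$DRY_RUN" != 1 ]; then   # end-to-end run, finishing with the status check of step 13
  azure_ip=$(azure_gateway)
  aws_vpn "$azure_ip" | azure_connections
  az network vpn-connection show -g "$RG" -n conn-aws-1 --query connectionStatus -o tsv
fi
```

Two operational points: the pre-shared keys pass through the command line and through the output of describe-vpn-connections, so run this from a session whose history is not kept and do not log that output; and the Azure gateway creation can take 45 minutes or more, during which the az command blocks unless --no-wait is added (in which case wait for provisioning before reading the public IP).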

Communication check

Confirm that Azure and AWS can communicate with each other, for example with ping or iperf between a VM in each cloud (the AWS security group and the Azure NSG must allow that traffic from the peer address space).

This completes the setup.

Throughput

I roughly measured the throughput using iperf.

Azure: Standard D2s v3 (2 vCPU, 8 GB memory)
AWS: m5.large (2 vCPU, 8 GB memory)

Azure→AWS

------------------------------------------------------------
Client connecting to 192.168.0.5, TCP port 5001
TCP window size: 45.0 KByte (default)
------------------------------------------------------------
[  3] local 10.0.0.4 port 51160 connected with 192.168.0.5 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.0 sec   659 MBytes   553 Mbits/sec

AWS→Azure

------------------------------------------------------------
Client connecting to 10.0.0.4, TCP port 5001
TCP window size: 45.0 KByte (default)
------------------------------------------------------------
[  3] local 192.168.0.5 port 50116 connected with 10.0.0.4 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.0 sec   759 MBytes   636 Mbits/sec

I suspect this is usually faster than a leased-line service.

Summary

With IKEv2 support, I was able to confirm that AWS can connect directly to Azure. Until now, a Windows server or similar had to be set up to build a VPN between Azure and AWS. Now that the VPN can be established with managed services alone, there is no need to run a virtual machine for it, and almost no operational upkeep. Being able to connect Azure and AWS in a fully managed way should be useful for many purposes in the future: using Azure for what Azure does well and AWS for what AWS does well, disaster recovery, and so on. Multi-cloud will move forward!

I am very happy, because this is a feature I have wanted for years!

Original Content (Japanese) : http://level69.net/archives/26362
